The present invention relates generally to the field of mobile device application security, and more particularly to determining the reputation of mobile device applications from dynamic interactions at run-time.
The volume of mobile devices used for business, personal and recreational activity continues to grow at impressive rates. Coinciding with the demand and growth in use of mobile devices is the large number of available applications (apps) that operate on the mobile devices, and significantly more that continue to be developed.
The large number of apps makes it difficult for a user to evaluate each app to determine which is the most appropriate, and users may not take time to do their own investigation before downloading apps to their mobile device. Users may elect to rely on sources describing the popularity, novelty, and implied necessity of an app, or directly observe an app on another user's mobile device, to make a decision on obtaining an app. This approach carries significant risk when new apps are adopted and ignores the potential threat of malware delivery through downloaded apps.
Mobile devices provided by employers or used for business purposes may include “rules” governing the business-approved handling and sharing of documents, data, and communications. The rules may serve to protect personal, sensitive or business/trade confidential information; however, rules add complexity to users' decisions about downloading and using applications.
Users of mobile devices typically include a plurality of apps on a mobile device, each having a specific function or service it performs, which can be used directly by user activity, or by other applications, to complete a sequence of activities. Mobile devices use an operating system (OS), for example, Android™ OS (Android is a trademark of Google Inc.). The Android™ OS uses “intents”, which are asynchronous messages that allow applications (apps) to request functionality from other components of the OS or from other applications. Their most significant use is in launching activities, where an intent can be thought of as the binding connection between activities.
Intent messaging is a facility for late run-time binding between components in the same or different applications. The intent itself is an intent object: a passive data structure holding an abstract description of an action to be performed. An intent object is a bundle of information containing the component name receiving the message; the action to be taken, service to be launched, or broadcast receiver to be activated; and the data to act on. The action or service is a string that names the action to be performed or service to be launched. The data information is the universal resource identifier (URI) of the data to be acted on and the multipurpose internet mail extension (MIME) type of the data. If instead the requirements of an application can be specified by intent filters, an implicit intent can be used: the system then determines the best component or components to use, even if the component belongs to a separate application or is native to the OS.
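The explicit and implicit intents described above, as an added Android (Java) example that is not part of the patent text: an explicit intent names its receiving component directly, an implicit intent carries only an action, a data URI and a MIME type, and the system resolves it against installed intent filters. The package and class names are assumed placeholders; the resolution query lists every candidate receiver without launching any of them, which is the kind of run-time interaction a reputation evaluation would want to observe.

```java
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.net.Uri;
import android.util.Log;
import java.util.List;

public class IntentResolutionAudit {
    private static final String TAG = "IntentAudit";

    // Explicit intent: the receiving component is named directly, so the OS
    // performs no matching against intent filters. Package/class names are
    // assumed placeholders, not real apps.
    public static Intent explicitViewerIntent() {
        Intent intent = new Intent();
        intent.setComponent(new ComponentName(
                "com.example.viewer", "com.example.viewer.ViewerActivity"));
        return intent;
    }

    // Implicit intent: only the action (ACTION_VIEW), the data URI and the
    // MIME type are given; the OS chooses the receiver from installed
    // components whose <intent-filter> declares a matching action/data/type.
    public static Intent implicitViewIntent(Uri data, String mimeType) {
        Intent intent = new Intent(Intent.ACTION_VIEW);
        intent.setDataAndType(data, mimeType);
        return intent;
    }

    // Enumerate the components the system would consider for this intent.
    // Nothing is started; this only inspects the resolution outcome.
    public static List<ResolveInfo> candidateReceivers(Context ctx, Intent intent) {
        PackageManager pm = ctx.getPackageManager();
        return pm.queryIntentActivities(intent, PackageManager.MATCH_DEFAULT_ONLY);
    }

    // Record which app/component would receive the intent, e.g. for a
    // run-time interaction log that feeds an app reputation assessment.
    public static void logCandidates(Context ctx, Intent intent) {
        for (ResolveInfo ri : candidateReceivers(ctx, intent)) {
            Log.i(TAG, "action=" + intent.getAction()
                    + " type=" + intent.getType()
                    + " -> " + ri.activityInfo.packageName
                    + "/" + ri.activityInfo.name);
        }
    }
}
```

On Android 11 (API 30) and later, package visibility rules mean queryIntentActivities only returns apps the caller is allowed to see, so an auditing app needs a matching <queries> declaration in its manifest or the list will be incomplete.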
Other operating systems may use similar techniques to enable interaction of applications making use of application specific function, to perform more complex activities.
Security is an important aspect of selecting apps to add to a mobile device. Apps that have a known history of use by multiple users and of interaction with other apps without malicious activity obtain a positive “reputation”, indicating a level of security and behavior observed from experience. An app reputation includes an evaluation and possibly a rating from a security, privacy and malicious-behavior perspective, to provide guidance to users considering purchase or download of an app. Failure to determine reputation issues before downloading an app may result in exposure of the mobile device to security, privacy, performance or other malicious issues.